CircleID: Policy & Regulation
http://www.circleid.com/topics/
Latest Policy & Regulation related postings on CircleID. Copyright 2017, unless where otherwise noted. 2017-08-17T14:21:00-08:00

China Continues VPN Crackdown, Targets Alibaba and Other Ecommerce Sites
http://www.circleid.com/posts/20170817_china_continues_vpn_crackdown_targets_alibaba_ecommerce_sites/

In the latest series of measures taken by China to clamp down on the use and distribution of VPNs, Chinese authorities have issued a warning to the country's top ecommerce platforms, including Alibaba's Taobao.com, over the sale of illegal virtual private networks that allow users to skirt state censorship controls. Reuters reports: "Five websites have been asked to carry out immediate "self-examination and correction" to remove vendors that sell illegal virtual private networks (VPNs), according to a notice posted by the Zhejiang provincial branch of the Cyberspace Administration of China (CAC), China's top cyber regulator. Some of them were ordered to halt new user registrations, suspend services and punish accountable staff." Last month China also passed laws, which will come into effect in February 2018, requiring telecommunications providers to block people from using VPNs.

2017-08-17T13:24:00-08:00
Tags: internet, censorship, policy_regulation, telecom

Cloudflare Reverses Long-Held Policy to Remain Content-Neutral, Ends Service to the Daily Stormer
http://www.circleid.com/posts/20170817_cloudflare_reverses_long_held_policy_to_remain_content_neutral/

Cloudflare on Wednesday reversed its long-held policy to remain content-neutral and terminated its service to the neo-Nazi site The Daily Stormer. Kate Conger, reporting in Gizmodo, writes: "Prince explained in an internal email to staffers that he doesn't think CEOs of internet companies should be in the position of policing content on their networks ... that's a job that should ultimately be left up to law enforcement if the content violates the law — but felt pushed to act because the operators of the Daily Stormer are "assholes." ... Prince wants to spark a conversation about how tech should respond to abhorrent content, and whether content should be policed by registrars, browsers, or social networks."

— "Earlier today, Cloudflare terminated the account of the Daily Stormer. We've stopped proxying their traffic and stopped answering DNS requests for their sites," Matthew Prince wrote in a blog post yesterday. "The tipping point for us making this decision was that the team behind Daily Stormer made the claim that we were secretly supporters of their ideology."

— Apple and PayPal disable payment support for websites selling white nationalist and Nazi apparel. Apple has also confirmed that it has disabled Apple Pay support for various websites selling sweaters with Nazi logos, T-shirts emblazoned with the phrase "White Pride," and a bumper sticker showing a car plowing into stick figure demonstrators.

2017-08-17T11:58:00-08:00
Tags: internet, censorship, cloud_computing, policy_regulation

Should the EB-5 Investor Visa Program Recognize Cyber Workers?
http://www.circleid.com/posts/20170812_should_the_eb_5_investor_visa_program_recognize_cyber_workers/

The EB-5 Investor Visa Program was created by Congress in 1990 to "stimulate the U.S. economy through job creation and capital investment by foreign investors." The program, administered by the Department of Homeland Security's U.S. Citizenship and Immigration Services (USCIS), provides that "entrepreneurs (and their spouses and unmarried children under 21) are eligible to apply for a green card (permanent residence) if they:

Make the necessary investment in a commercial enterprise in the United States; and

Plan to create or preserve 10 permanent full-time jobs for qualified U.S. workers."

The EB-5 program encourages foreign entrepreneurs to invest in a Targeted Employment Area (TEA). A TEA is defined as a rural area or an area where the unemployment rate is at least 150% of the national average. The EB-5 program has delegated to states the authority to designate various TEAs on a project-specific basis. By locating a commercial enterprise in a state-designated TEA, foreign investors sharply reduce the size of investment that is needed to qualify for a green card.

The EB-5 regulations, which were written in 1990, take a geocentric approach to defining TEAs by assuming that an enterprise's employees live near its principal place of business. In 1990, this was not an unreasonable assumption. It is today. It is now common for American workers to physically commute to jobs that are located in different metropolitan areas and to cyber-commute to jobs anywhere in the country. Internet-based employment is an efficient means of providing economic opportunities to workers who live in rural America and areas of high unemployment.

The current TEA designation process has been the subject of criticism over concerns that the EB-5 investments are not helping the program's intended beneficiaries. In response to criticism and the passage of time, DHS is updating its EB-5 regulations. DHS's Notice of Proposed Rulemaking explains that the program's reliance "on states' TEA designations has resulted in the application of inconsistent rules by different states. ... the deference to state determinations provided by current regulations has resulted in the acceptance of some TEAs that consist of areas of relative economic prosperity linked to areas with lower employment, and some TEAs that have been criticized as 'gerrymandered.'"

DHS's response to this concern is a proposal to (1) centralize TEA decisions in Washington and (2) create an even more georestrictive requirement for TEAs. The proposed rule does not consider Americans who could "commute" to work via the internet. In short, the proposed regulation doubles down on the 1990 mindset that workers live near their place of employment, a faulty assumption that has helped fuel the "gerrymandering" issue.

There is no statutory requirement that new commercial enterprises be physically located in TEAs in order for investors to qualify for the TEA provisions of the EB-5 program. To the contrary, the statute states that investor visas "shall be reserved for qualified immigrants who invest in a new commercial enterprise ... which will create employment in a targeted employment area."

One option for the EB-5 program would be to allow a new commercial enterprise to qualify for TEA EB-5 investment, irrespective of the business's location, by committing to hire workers who live in a designated TEA. By leveraging the internet, the EB-5 program could provide technology jobs to Americans who live in rural and high unemployment areas.

2017-08-12T11:17:00-08:00
Tags: internet, law, policy_regulation

Is a New Set of Governance Mechanism Necessary for the New gTLDs?
http://www.circleid.com/posts/201708010_is_a_new_set_of_governance_necessary_for_the_new_gtlds/

To answer the question of whether a new set of governance mechanisms is necessary to regulate the new Global Top Level Domains (gTLDs), one should first consider how efficiently the current Uniform Domain-Name Dispute-Resolution Policy (UDRP) from the Internet Corporation for Assigned Names and Numbers (ICANN) has performed and then move to the evaluation of the Implementation Recommendation Team (IRT) recommendations. In September 2008, an analysis of the opportunities and problems for trademark owners presented by the introduction of new gTLDs [1] was published in the Trademark World magazine.

That analysis identified several brand protection challenges such as the absence of required pre-launch rights protection mechanisms (RPMs), the problems of defensive registrations, and the unprecedented potential for cybersquatting [2]. According to Kristina Rosette [3], an Intellectual Property Constituency Representative to ICANN's Generic Name Supporting Organization (GNSO) Council and ex-member of the Implementation Recommendation Team, ICANN has made little advancement on the issue of trademark protection in the new gTLDs despite the efforts of numerous trademark owners, associations, and lawyers.

Issues with the UDRP

In February 2010, the ICANN GNSO council passed a resolution [4], requesting ICANN staff to draft an Issues Report [5] on the current state of the UDRP. According to that motion, the draft had to focus mainly on issues of:

— How insufficiently and unequally has the UDRP addressed the problems of cybersquatting;

— Whether the definition of the term 'cybersquatting' needed to be reviewed or updated in the existing UDRP language including a possible revision of the policy development process.

In his book [6] 'The Current State of Domain Name Regulation: domain names as second-class citizens in a mark-dominated world', Dr. Komaitis has interestingly outlined some of the major issues related to the UDRP, which have commonly contributed to its procedural unfairness. Some of those issues [7] can be broken down to:

The panellists associated with the UDRP have mainly a trademark law background which is not sufficiently oriented to the multi-stakeholder approach;

The UDRP makes arbitrary use of precedent. One unique feature of the emerging arbitration process under the UDRP has been the development of its own jurisprudence. While most arbitration is done with little, if any, public disclosure, the publication of UDRP opinions on the Web, has led to a practice of citing back to previous panel decisions. Some decisions have used the previous cases with only the weight of persuasive authority, while others appear to view themselves as being bound by precedent. In several cases, panels have used opinions from previous cases as persuasive authority to help address a variety of procedural and substantive matters. For example, J.P. Morgan v. Resource Marketing (jpmorgan.org) D2000-0035 [8] was a dispute involving an American Complainant and an American Respondent. The Respondent's reply was late and the Complainant argued for the inadmissibility of the late response (the Complainant cited Talk City, Inc. v. Robertson (talk-city.com) D2000-0009 [9] as precedent for this position).

The UDRP is based upon the assumption that all domain name registrations are potentially abusive and harmful without any distinction or assessment between actual harm and the likelihood of such harm. In practice, this is not always the case.

There is no authority responsible for the validation of the decisions that emerge from the UDRP panels.

The bad faith element is open to wide and discretionary, if not discriminatory, interpretations. Trademark attorneys were initially concerned by the UDRP's bad-faith use requirement because under US trademark law, "use" meant that the domain name had to be "used in commerce" [10]. Three of the four factors outlining bad faith do not require any use per se, at least as defined in common parlance, and many of the early decisions under the UDRP have similarly found bad faith in the absence of any traditional use of the domain, indeed even in the absence of an active website. For example, in the first case decided under the UDRP, World Wrestling Federation, Inc. v. Bosman (worldwrestlingfederation.com) D99-0001 [11], the Panel resolved that an offer to sell amounts to "use" of the domain name, even if that offer constitutes the Respondent's only use of the name. In short, an offer alone may constitute "use" sufficient to merit a finding of bad faith — a finding cited as authority in numerous subsequent cases.

The UDRP promotes an inconsistent system, despite the fact that it is meant to be uniform. The worryingly high number of default cases requiring UDRP intervention illustrates this [12]. At the same time, the UDRP does not provide equal incentives to both parties. Given that there is such speculation concerning the substantive and procedural deficiencies of the UDRP, many of these issues could have been addressed via a review process. However, many ICANN community members believed that this was not the best time to review the UDRP. WIPO's Erik Wilbers [13] said: "Irrespective of one's views on its functioning, the UDRP must interoperate with other RPMs being developed for New gTLDs."

Enter the IRT Recommendations

In 2006, the ICANN Board officially authorised the expansion of the Root and the addition of new gTLDs. To support this process ICANN formed the IRT, which in turn produced a report in 2009. A significant part of that program focused on what types of Rights Protection Mechanisms (RPMs) should be in place for intellectual property holders and particularly for trademark owners. After several meetings, teleconferences and consultation with various interest groups, the IRT came up with draft recommendations for several proposed solutions consisting of the following potential mechanisms, to which they assigned high priority [14]:

Globally Protected Marks List (GPML) - The trademark Clearinghouse is charged with validating all data regarding the GPML application [16]. Once the Clearinghouse finishes with the validation and compiles the initial GPML, ICANN publishes it before the request for proposal (RFP) issues. ICANN publishes the list beforehand so that no potential applicants try to register a protected mark.

The IP Clearinghouse would be a centralised database with two principal functions:

A central database for all new gTLD registries (and possibly registrars) to interact with, in relation to GPML, IP Claims, and URS; and

Information repository for specific information collection and data validation services. Trademark owners would submit data about their trademark rights [17], and the IP Clearinghouse would authenticate that data.

It could then push the authenticated data to new gTLD registry operators, or those registry operators could pull the data to support pre-launch RPMs, the GPML, and the URS. The IRT intended the IP Clearinghouse to introduce efficiencies for trademark owners, new gTLD registries, and registrars. Most comments on the IRT Final Report either supported or did not object to the IP Clearinghouse recommendation [18].

It seems beneficial to have an organisation that operates to reduce the time and money [19] necessary for brand owners to register in and police the new TLD space. The IP Clearinghouse would be tasked with supporting applications such as the Watch Service, IP Claims Service, Uniform Rapid Suspension System (URS) and Globally Protected Marks List. As a result, the IP Clearinghouse would not only require certain types and levels of expertise, but would also probably be a for-profit organisation. In that case, the intriguing questions to ask would be:

How would such an organisation be able to provide low-cost mechanisms and demonstrate the proper level of expertise?

How would registries and registrars be indemnified for using the Clearinghouse?

What would be the source for any such indemnification, and how would it be funded?

What frequency of IP clearinghouse updates would registries need to check, daily or real time?

If a registry elects to use the IP Clearinghouse on an on-going basis and not just for pre-launch activities, how will the IP Clearinghouse support registry operations without impacting Service Level Agreements (SLAs) or registry performance?

Will ICANN renegotiate all SLAs for query times to account for these processes?

What provisions will be made if use of the Clearinghouse causes registries to default on SLAs?

Would registries be required to send a query to a centralised database for every new registration request, potentially impacting registry and registrar operations as well as the customer experience?

What would happen when the clearinghouse is not accessible?

Would new registrations have to cease? (Resulting in potentially significant consequences.)

What would the new role of relationships between registries, registrars and the Clearinghouse be? Would a registry have the relationship with ICANN, and ICANN have the relationship with the Clearinghouse?

The final report does not address the archiving of the IP Clearinghouse data; it would be useful for historical archives of the data to be maintained and accessible. Specific requirements for this should also be set out, including a definition of access rights.

The Globally Protected Marks List proposals

The IRT recommended the creation of a GPML to provide additional protections for Globally Protected Marks (GPM) at the top and second levels. The IRT recommended strict eligibility criteria for the GPML:

Ownership by the trademark owner of [number][20] of trademark registrations of national effect for the applied-for GPM that have issued in at least [number] countries across all five ICANN geographic regions with minimum number of registrations in each region;

All trademark registrations must have issued by the date that GPML applications are first accepted and must be based on trademark registration applications filed by 1 November 2008; and

Second-level domain for GPM's principal online presence must be identical to GPM.

At the top level, the IRT recommended that applied-for gTLD strings be analysed for confusing similarity against GPMs, and that an application found to be an identical match or confusingly similar to a GPM would fail. A failed application could not proceed unless the applicant prevailed in an Initial Evaluation Reconsideration process, which would be available to all applications that failed the string confusion analysis. An applicant could prevail by demonstrating either that an applied-for TLD string is not sufficiently similar as to be likely, as a matter of probability and not mere possibility, to deceive or cause confusion or that it otherwise has legitimate rights to use the applied for TLD.

At the second level, the IRT recommended an initial block of second-level domain names that are an identical match to the GPM. However, a potential registrant of an initially blocked domain name could register the name, if it could show, using the criteria of the UDRP, that it had a right or legitimate interest in the domain name. Furthermore, some of the major problems that the GPML can raise are as follows:

The GPML will exorcise certain words from the DNS as it promotes protection of strings of characters, rather than protection of the mark [21] and its association with goods or services;

The GPML will create an alternative, new category of trademarks that do not fall within the famous/well-known category;

The GPML will include very esoteric scientific and technical terms that are currently used worldwide;

The GPML overrides the fundamental legal principle that only courts can determine whether a mark qualifies as "famous";

The GPML will help trademark owners elevate the status of their trademarks to the protection of "text strings", not trademarks;

The GPML will not favour consumer protection and at the same time it will violate a fundamental norm of Free Speech and Freedom of Expression via the prohibition on its 'prior restraint'.

The IRT developed the GPML in response to the most frequently proposed trademark protection solution "A-list". However, the GPML was likely the most frequently criticised IRT recommendation [22]. Some criticised the GPML for being a "famous marks list", some criticised it as being too political, some criticised it as likely to generate problems far out of proportion to the benefits, and some criticised it because the IRT Final Report did not provide definitive eligibility criteria.

The IRT had asked ICANN staff to conduct the quantitative research necessary to propose eligibility criteria because the IRT did not have time, and did not want to be accused of bias. Although ICANN staff agreed to do so, ICANN staff later acknowledged in late October 2009 that the research had not been completed [23].

According to Professor McCarthy, all assumptions need to be proven in order to justify extra protection. He suggests that consumers are not so easily confused, and he presents the very interesting example of Amazon to show that, although Amazon can be considered a famous mark, that does not imply that it is worthy of extra protection against all other uses. Amazon can mean different things (the great river basin of South America and Greek women warriors), which makes it not an arbitrary mark. If someone needs to know where to acquire Amazon food, Amazon drinks, Amazon Gyms, for example, this does not automatically mean that Amazon should be able to block its use on the basis of fame. The GPML will create even more problems for generic terms, such as TIME, PEOPLE, FORD, SHELL, and many others.

The Uniform Rapid Suspension System

The development of a low-cost and rapid takedown of an infringing domain is a top concern for brand owners. As a result, the URS is the most important proposal in the IRT's report, which is based on a low cost pre-registration system, where trademarks can be placed on file for potential future disputes, and a system that facilitates filing against multiple registrants and multiple domain names simultaneously. However, the IRT maintains that the URS would preserve a registrant's right to a hearing and/or appeal and would not replace other current options available, such as the UDRP or other litigation options. While the URS might not replace [24] the other enforcement options, the way that a URS decision could impact the outcomes of those other avenues should be taken under consideration during the further development of the URS.

How can a trademark owner regain the domain name for his own use?

Would the trademark owner have to file a UDRP in order to do so?

How would the outcome of the UDRP be affected by the URS?

The URS should also include provisions that shift the burden of payment for the dispute process to the infringer. A system in which the party that loses the dispute is responsible for the cost of the dispute will create a deterrent against future abuse.

Domain suspension on ServerHold should be indefinite – in perhaps the most significant clarification that is needed to the IRT's recommendations, if the URS does not provide for transfer, the suspension of the domain should at least last indefinitely, or so long as the successful Complainant continues to periodically reverify the validity of its own trademark rights (such as through the periodic reverification process for the trademark's data in the IP Clearinghouse). Otherwise the URS will suffer from the same symptom that saddles trademark owners with an expensive portfolio of domain names that were acquired defensively to eliminate consumer confusion, but which have no business use, and will require serial enforcement actions over the same domain as it expires and is released. Instead, if the complainant does not have the option of obtaining the transfer of the domain, it should at least be placed on indefinite ServerHold with no expiration.

The Respondent should bear the burden of proving it has legitimate rights in the Domain – By allowing the registrant merely to supply "evidence" that they have some legitimate right in the domain name, and by allowing the registrant to answer at any time during the registration, the IRT invites registrants to delay the deactivation or transfer of the name, by filing deficient or fabricated answers.

Examination factors (trademark examination) – The requirement that the complainant's registered trademark must have been issued by a jurisdiction that conducts substantive examination of trademark applications should make clear that it only requires examination on absolute grounds (of descriptiveness, functionality, etc.). While the IRT points out that reliance on registrations that undergo no substantive evaluation resulted in gaming the system during, for example, the .eu launch, this concern does not require relative examination, and requiring it would, as an example, render one of the world's most meaningful trademark registrations, a European Community Trade Mark (with an opposition system but no examination on relative grounds) an improper basis for a URS proceeding.

Impact of these RPMs on trademark law

The RPMs should enforce and protect existing trademark rights, but not create new rights that make an already complicated situation more complex.

A trademark is limited to specific classes of goods and services, and the vast majority are not global marks but are also geographically circumscribed; therefore, the use of a trademark as or within, a domain name cannot automatically confer pre-emptive power as to all goods and services or all locales in the context of a global Internet. Setting limits on the scope of trademark rights in the DNS is particularly important where the trademarked word(s) is of the generic dictionary variety and overly expansive rights could stifle ecommerce competition and innovation.

It can be tricky and not clear to have the 'mark + generic term' proposal as creation of a new right beyond that conferred by trademark law, as well as degradation of the purpose of the TMC as an authoritative repository of trademarks meeting certain high standards for inclusion. In addition, because many potential combinations of marks plus generic terms would likely be non-infringing, such an expansion would result in an inordinate number of trademark claims service "false positive" warning notices to innocent potential registrants who, lacking sophistication in trademark law, would be unjustifiably deterred from completing the registration process. As a consequence of the GPML and the impact of the Clearinghouse, the following marks are not eligible [25] for inclusion in the Clearinghouse:

Registered trademarks such as:

Trademark applications;

Trademarks registered by a city, state, province, or sub-national region;

International trademark applications made via the Madrid system unless the underlying basic trademark registration has national effect;

Registered marks that were subject to successful invalidation, cancellation, opposition, or rectification proceedings.

2017-08-10T20:53:00-08:00
Tags: internet, cybersquatting, dns, domain_names, icann, intellectual_property, internet_governance, law, policy_regulation, registry_services, top_level_domains, udrp

British Organizations Could Face Massive Fines for Cybersecurity Failures
http://www.circleid.com/posts/20180808_british_orgs_could_face_massive_fines_for_cybersecurity_failures/

Organizations that fail to implement effective cybersecurity measures could be fined as much as £17 million or 4% of global turnover, as part of Britain's plan to prevent cyberattacks that could result in major disruption to services such as transport, health or electricity networks. The Guardian reports: "The move comes after the [National Health Service] NHS became the highest-profile victim of a global ransomware attack, which resulted in operations being cancelled, ambulances being diverted and patient records being made unavailable. ... The issue came to the fore again after a major IT failure at British Airways left 75,000 passengers stranded and cost the airline £80m… The consultation will also focus on system failures, with requirements for companies to show what action they are taking to reduce the risks."

2017-08-08T06:30:00-08:00
Tags: internet, cyberattack, cybersecurity, policy_regulation

Renewed Internet.nl Website: Modern Standards Need to be Used for a Free, Open and Secure Internet
http://www.circleid.com/posts/20170804_renewed_internet_donl_website_modern_web_standards/

Modern Internet Standards provide for more reliability and further growth of the Internet. But are you using them? You can test this on the Dutch website Internet.nl (also available in English and Polish). Recently the website was renewed. Not only has the style been adapted, but also the way the tests are performed and the test results are shown. A lot of additional information has been added, so that even tech-savvy internet users can find an explanation underpinning the test results.

The website, an initiative of the Dutch internet community and the Dutch Government, is used to promote standards that will enable us to make the best possible use of the internet as we know it. To beat internet crime and to improve our interconnectivity, we strongly believe in applying these modern internet standards. These will safeguard our websites, our email communications and our privacy — something all of us should care about. We are very happy to see a growing number of users who test local connections, domains as well as email settings. The tests provided at Internet.nl are quite fast and based on international collaboration efforts within the internet community. We think this is the only reasonable way forward in order to keep the internet as a source of connecting people, sharing information and open access to a wide range of resources. We constantly aim at improving both our tests and our advice to the users of our website. This is only possible thanks to the continuing support of the members of the Dutch Internet Standards Platform. But also your use of Internet.nl and all your questions and comments help us to better understand how these modern standards can be used in the best way.

As a spin-off of our efforts, earlier this year the Dutch Secure Email Coalition was established: an initiative that aims to focus on improving security in our daily use of email. Besides members of the Dutch Internet Standards Platform, this coalition has new members from the Government and Industry sector that closely work together in sharing knowledge and experience regarding the implementation of modern standards like DMARC/DKIM, SPF and DNSSEC. Our first meetings have been very informative and productive and I look forward to seeing a growing number of organizations implementing these standards.

I hope that still more users will find Internet.nl not only useful, but inspiring as well. The Hall of Fame shows that a growing number of organizations and individuals are able to reach a 100% score. I think that this is really promising and hope that all of you will help us to keep the internet open, free and secure!

2017-08-04T08:49:00-08:00
Tags: internet, access_providers, cybersecurity, policy_regulation, web

Slovaks Worry About the Future of Their Country's .SK TLD
http://www.circleid.com/posts/20170802_slovaks_worry_about_the_future_of_their_sk_tld/

Almost every country code Top-Level Domain (ccTLD) has had some kind of rough and clumsy start at its sunrise. The Internet was young, everything was new, and whoever took the national TLD first got power over it. The situation eventually sorted itself out, and now most ccTLDs are drama free and well-operated for the benefit of people and the Internet communities in those countries. Unfortunately, not in Slovakia.

Troublesome .SK

DOT SK has been in some kind of trouble since its beginning. After the dissolution of Czechoslovakia in 1993, which at that time operated its own .CS TLD, two new countries were created: Czech Republic with .CZ TLD, and Slovakia with .SK TLD.

The Slovakian TLD was managed by a non-profit organization called Eunet Slovakia, seated at the Comenius University. Those were good times. However, certain people decided to rename their company to Eunet Slovakia, s.r.o. (s.r.o. means Ltd., note the almost exact name). Then in 1999 they purposely misled ICANN into changing .SK ownership to this company, which was immediately afterward sold to foreign investors. ICANN executed the delegation record update in good faith, not knowing that ownership was in fact transferred from a non-profit to a private business. In effect, .SK was stolen.

As disturbing as this sounds, it continues to be the case. We in Slovakia deal with the consequences every day. I do not want to dig much into the history, as it would certainly be a good topic for a separate article. If you are more curious about this, look at the story by Ondřej Caletka. The story is based on my speech given at the IT17 conference in Prague a few weeks ago.

Now, it is not impossible to run a ccTLD through private ownership if reasonable policies are in place that meet the satisfaction of the government, citizens and the community. This is the case in many countries. Let's look at how it is in Slovakia.

Stuck in the past

The system we operate now was created in 2002 when a major pre-registration occurred. Since then, there have been only fractional changes to this system. Whatever you see on www.sk-nic.sk now is pretty much what you would have seen 15 years ago. During all this time, SK-NIC was purely focused on its profit. There were no significant changes, no updates, no investments back into the TLD. Selling a unique commodity without any competition is indeed a great business.

There is no API, so registrars need to emulate browser clicks to automate domain operations. Also, DNSSEC is missing. Domain changes and transfers are not done online as you would expect, but they need a signed paper document to be sent to SK-NIC for an actual confirmation.

Foreign persons and companies are forbidden to register .SK domains, so they have had to use local proxy contacts, usually a registrar company. As an outcome of those neglected domain rules, we ended up with more than 50% of all .SK registrations having inaccurate owner data on file.

In other words: take any random existing .SK domain, and you have only a 50% chance of knowing who the real domain owner is.

Non-revocable Contract

All this irresponsibility would be a valid reason for looking into alternate solutions for managing .SK. However, it is not that easy. SK-NIC, a.s., as a follow-up company of the aforementioned Eunet Slovakia, s.r.o., has a valid contract with the Government of the Slovak Republic. And this contract is non-revocable. It cannot be terminated without SK-NIC's consent. Something like this would definitely be considered a blatant operation today, but this agreement is the result of the corrupt environment that existed in the wild 90's and early 2000's. At that time, former post-communist Eastern European countries looked more like the wild west than a well-arranged society. Shady businesses and corrupt behavior were common.

While the situation could be considered bad, it gets even worse. The people who run SK-NIC now also own the fourth Slovakian cellular phone carrier. They decided to focus on other investments and thus to sell SK-NIC to investors, as if ccTLD operation were some merchandise for sale. Surely, selling a ccTLD managing company has the attributes of a stealthy redelegation, but when we pointed this out earlier this year, ICANN only wished us good luck dealing with local authorities.

And to whom is .SK about to be stealthily redelegated? One of the world's largest registry service providers, the London-based company CentralNic.

CentralNic Nightmare

CentralNic is a ccTLD nightmare. The way they operate entrusted ccTLD registries is something no one would like to see in their country. Let's consider two examples:

.LA is the TLD of the Lao People's Democratic Republic, or simply Laos. It is promoted as a TLD for Los Angeles. CentralNic has seized valuable domain names, and those are being sold at the registry website for exorbitant prices, using a backend interface prone to common glitches.

The .PW TLD belongs to the Republic of Palau. It is marketed as Professional Web. Registration price and availability are so cheap and easy to get that .PW has become an apparent choice for spammers.

Whatever mess is happening now with the .SK TLD was not planned. CentralNic's purchase of SK-NIC stock was projected to happen at the beginning of this year, silently and behind closed doors. Only because information about the possible acquisition accidentally leaked from SK-NIC did the Internet community of Slovakia wake up and start fighting for their TLD.

Campaign for .SK

The petition website NašaDoména.sk (OurDomain.sk) was created, demanding the return of .SK to the people. The ultimate goal is to establish an independent non-profit organization for .SK management, and release the ccTLD from the long-time seizure of a single private company.

There are 17 web hosting companies behind the petition, 13 of the top 15 .SK registrars, maintaining more than 73% of all registered .SK domains. Along with that, the campaign is supported by major telecommunication companies and Internet service providers, as well as non-profit organizations and local opinion leaders.

It makes the situation a bit difficult to grasp that Slovakian registrar companies are asking so loudly for the change. Currently, they need to employ a bunch of workarounds to deal with the obsolete SK-NIC system. With CentralNic coming, those will no longer be necessary, thus registrars will profit the most from this change. But it has drawbacks. The whole CentralNic investment will need to be paid back. Say goodbye to lower domain prices, and say hello to furious profit hunting, backed by questionable business practices such as those mentioned above.

Sometimes you just need to do what is right, regardless of the resulting profit or loss. Therefore Slovakian registrars have embarked on a prickly journey. They demand a major change, following the proven model from other countries. For example, in the nearby Czech Republic, .CZ is operated by CZ.NIC, a non-profit organization with an open membership for everyone. On top of their regular TLD agenda, they maintain several interesting open-source projects and contribute to national cybersecurity.

Revenge

CentralNic utilizes a huge marketing budget. It is probably no surprise that biased articles popped up online, showing only CentralNic's point of view. This was to be expected, as there are millions of Euros at stake. Less understandable is how a serious online magazine can publish unbalanced material without giving the other side any possibility to comment.

As written in those articles, they can label us as political lobbyists, or business persons, or just naive kids. But they can hardly cover how all this .SK transition is happening without a proper discussion in place. Even against the will of Slovakian people and the community.

2017-08-02T13:37:00-08:00
internet, domain_names, icann, policy_regulation, registry_services, top_level_domains

U.S. Senators to Introduce IoT Security Bill
http://www.circleid.com/posts/20170801_us_senators_to_introduce_iot_security_bill/

U.S. senators on Tuesday announced plans to introduce legislation seeking to address vulnerabilities in IoT devices. Dustin Volz reporting in Reuters: "The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities. ... A Senate aide who helped write the bill said that companion legislation in the House was expected soon."

2017-08-01T11:55:00-08:00
internet, cybersecurity, internet_of_things, law, policy_regulation

UDRP and the ACPA Differences, Advantages and Their Inconveniences
http://www.circleid.com/posts/20170730_udrp_and_the_acpa_differences_advantages_and_their_inconveniences/

Along came the Cyber-squatters with the dot COM boom

One problem with the Internet, non-existent before 1994, is the confrontation between persons who, either intentionally or unintentionally, create an address on the Internet which includes someone else's trademark. — Michael A. Daniels [1], Chairman of the Board for Network Solutions Inc. (July 1999)

With a difference of just a month, the Anticybersquatting Consumer Protection Act (ACPA) was enacted on November 29, 1999, while the Uniform Domain Name Dispute Resolution Policy (UDRP) of ICANN was approved on October 24, 1999. While any decision to pursue cyber-squatters under the ACPA or the UDRP belongs to the trademark owner, the attorney who advises the trademark owner should have a good working knowledge of the benefits and weaknesses of each method.

The UDRP and ACPA differences – their advantages and inconveniences

The ACPA and the UDRP provide two separate and distinct methods for resolving domain name disputes. Both alternatives have many critics and proponents, but the true value of each will ultimately be determined by how well each combats cyber-squatting. Separately, the UDRP and the ACPA will probably work well to defuse most of the cyber-squatting that is currently invading the Internet. If combined, the UDRP and the ACPA can be a cost-saving and effective way to prevent cybersquatting with the top-level domains (TLDs), the country code top-level domains (ccTLDs) and the future new generic top-level domains (gTLDs). Nonetheless, neither is specifically tailored to be more effective for any specific case, but each one provides noticeable benefits to different types of cases.

Because the UDRP is less expensive than litigation, ICANN's UDRP is probably best suited for small businesses and trademark owners that are merely attempting to stop the use of their trademark. This method will also be helpful to those trademark owners who are fighting registrants that registered their domain names prior to the enactment of the ACPA, because under the ACPA, the trademark owners would not be able to receive damages.

Litigation under the ACPA [2] will be better suited for celebrities, e.g., Tom Cruise, Brad Pitt, etc., and for large companies seeking damages. Also, the 'in rem' proceeding seems enticing, but the well-advised counsellor should note that this proceeding is used only in very specific circumstances. The downside of an ACPA lawsuit is that lawsuits are extremely expensive, time-consuming, stressful and uncertain.

Considerable investment is required in terms of a good attorney, and it can take years to get a resolution, because to be successful in an ACPA lawsuit the trademark owner must prove:

(1) that the mark is valid;
(2) the mark was distinctive when the site was registered;
(3) the domain is identical or confusingly similar to the mark; and
(4) the website owner registered the site in bad faith in order to profit from the mark.

The 'in rem' provision in an ACPA lawsuit is limited to the United States because the ACPA is a U.S. statute; hence the concerned trademark business needs to have substantial ties to the U.S. in order to bring a case under the ACPA in U.S. courts, for example CNN News vs. CNN China.

If speed and cost efficiency are the two most desirable objectives for the client, then the UDRP is the best alternative. If these two objectives are not the primary concerns, then the ACPA may be a better alternative.

One of the major drawbacks [3] of a UDRP proceeding is that there is no possibility of monetary damages. This is probably the major reason that some individuals or organisations prefer to take their chances with a lawsuit. Also, there is no opportunity for investigation, like there is in a civil lawsuit. The arbitrator's decisions are mandatory in the sense that accredited registrars are required to take the necessary steps to enforce the decision, such as transferring the concerned name. However, under the UDRP, either party retains the option to take the dispute to a court for independent resolution. Thus, it is possible that the dispute will not end at arbitration.

Another consideration focuses on when the domain name was registered. If the registration date is prior to the enactment of the ACPA then statutory damages are unavailable, making litigation appear financially less interesting. The UDRP applies to domain names registered prior to the ACPA, but the UDRP only applies to top-level domain names. Country code domain names are not covered under the UDRP and, in those cases, the ACPA is the only option. If the client merely wants the domain name transferred or cancelled, then the UDRP makes more sense economically (so long as the domain name is a top-level domain name). The ACPA provides for transfer and cancellation, but these remedies are only available once the client has gone through the legal process and thus, accrued attorney fees and court costs. Also if the registrant is unavailable or cannot be found, then the ACPA is the only remedy that is available to the client. It can be argued that the UDRP has a comparable method because when a registrant does not respond to the complaint the proceeding continues and judgement is rendered without a response.

Of course if damages are important, the ACPA is the appropriate method for battling the cyber-squatter. If time is most important and no injunction is necessary, then the UDRP may be more appropriate. If time and money are not important and the client does not care whether he receives damages or not, then either may be chosen. It is interesting how a simple choice between two options can become a complicated decision. This underscores the fact that there are no absolutes in the law and that advising a client regarding which avenue to take when battling a cyber-squatter is no exception.

2017-07-30T08:59:01-08:00
internet, cybersecurity, domain_names, icann, internet_governance, law, policy_regulation, top_level_domains, udrp

EFF Cautions Against Unfair TLD Policies, Offers Advice on Choosing New gTLDs for Best Protection
http://www.circleid.com/posts/eff_cautions_against_unfair_tld_policies_offers_recommendations_on_choosing/

In a white paper released on Thursday, EFF has warned domain registrants against unfair policies set by new TLD registries and offers ways to minimize exposure to trademark bullying. The white paper, titled "Which Internet registries offer the best protection for domain owners?", also touches on how some domain name registries and registrars do a better job of privacy protections. From the paper: "Unfortunately, the Trademark Clearinghouse admits many questionable entries into its database, with the result that legitimate domain registrants are prevented from registering domains during the sunrise period, or are needlessly frightened away from doing so during the subsequent Claims period. ... As if this were not enough, some registries have gone above and beyond what ICANN requires by providing yet more power to brand owners. ... For better protection against trademark bullies, you should generally avoid registering your domain in any of the new gTLD..."

2017-07-28T09:42:00-08:00
internet, intellectual_property, law, policy_regulation, top_level_domains

U.S. House Republicans Ask CEO's of Major Tech, Telecom Companies to Testify on Net Neutrality
http://www.circleid.com/posts/20170725_house_republicans_ask_tech_telecom_to_testify_on_net_neutrality/

U.S. House Republicans have invited CEOs of major technology and telecommunications companies to weigh in on the net neutrality debate amid the Federal Communications Commission's move to repeal the Obama-era rules. Harper Neidig reporting in The Hill: "Rep. Greg Walden (R-Ore.), the chairman of the House Energy and Commerce Committee, said in a hearing on Tuesday that he has invited the executives to testify before the panel on September 7 to settle the debate. ... A strong consensus is forming across party lines and across industries that it's time for Congress to call a halt on the back-and-forth and set clear net neutrality ground rules for the internet." Invitations were sent to the CEOs of Facebook, Amazon, Netflix, Google parent company Alphabet, Verizon, AT&T, Comcast and Charter Communications.

2017-07-25T13:13:00-08:00
internet, net_neutrality, policy_regulation

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack
http://www.circleid.com/posts/20170725_no_one_immune_qatar_crisis_started_by_a_targeted_poli_cyber_attack/

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally.

Almost everyone around the world is now aware of this crisis, which started in early June. By mid-July a Washington Post report cited US intelligence officials as saying that the UAE orchestrated the hacking of Qatari government sites, sparking the regional upheaval that started it all.

The one thing that is 100% certain is that the Qatari government sites and its news agency were hacked. I will address attribution in a future post.

Q: You might ask: what lessons must be learnt by top business and government decision makers worldwide who don't want something similar happening to them?

A: NO one is immune, especially when you are targeted by political, ideological, religious or destruction-motivated Poli-Cyber terrorist hackers.

Fact: The Qataris had brought in the best brains and bought the best and most expensive cyber security solutions money can buy to defend themselves against cyber attacks. Well, these brains and solutions failed to defend Qatar from a targeted and politically motivated cyber attack.

Also, the Qataris adopted and relied, like many governments and organizations all over the world, on cyber strategies and solutions that were "tried and tested". And the more expensive they were the better they were perceived to be.

Little did they know that these same cyber strategies and solutions they bought have been failing routinely in the last couple of years, on a global and unprecedented scale. A costly lesson that Qatar and the Gulf States will one day measure in the trillions, not billions, of dollars.

On the afternoon of 14th July, the China Academy of Information and Communication Technology (CAICT) and the ICANN Beijing Engagement Center jointly held the ICANN 59 China Internet Community Readout Session. Mr. Zhang Ya, Deputy Director of the Information and Communication Authority under the Ministry of Industry and Information Technology (MIIT), attended and gave opening remarks at the meeting. Over 40 representatives from the Cyberspace Administration, the Ministry of Foreign Affairs, domain name registries and registrars, industrial organizations, institutes and universities participated in the seminar. The attendees introduced the developments of the ICANN 59 Johannesburg Meeting held from June 26 to 29 and further discussed the ICANN affairs and hot topics at the meeting. Paul Wilson, Director General of the Asia-Pacific Network Information Center (APNIC), and Duncan Macintosh, President of the APNIC Foundation, were invited to attend the meeting and exchanged views with members of the Chinese community on Internet governance issues.

ICANN 59 China Internet Community Readout Session

At the meeting, Mr. Zhang Jianchuan, Director of the ICANN Beijing Engagement Center, outlined the overall situation of the 59th meeting. Guo Feng, Vice Chair of the Governmental Advisory Committee (GAC), introduced the progress of GAC meetings and participation in the Empowered Community. Other attendees, including Chu Nan from CNNIC, Liu Limei from CONAC, Kan Kaili from the At-Large Advisory Committee (ALAC) and professor at Beijing University of Posts and Telecommunications, Pam Little from Alibaba Cloud, and Tan Yaling from Teleinfo, introduced progress on topics including the ICANN country code Names Supporting Organization (ccNSO), work stream 2 of CCWG-Accountability, the next Generic Names Supporting Organization (GNSO) policy progress and community elections in new gTLD, the impact of the EU General Data Protection Regulation (GDPR) on domain name services, and names and trademark rights protection, and shared their feelings about ICANN 59.

Paul Wilson, Director General of APNIC

Some of the rough consensus points include: 1. Communities have begun to participate in the Empowered Community (EC), but how the EC could improve its operation remains to be seen; 2. Extension of the CCWG WS2 timeline has been basically confirmed; 3. The next GNSO policy progress may be postponed until after 2020 due to relevant reviews and policies; 4. The Chinese community should participate actively in GNSO, striving for their own interests and expanding the impact; 5. Carry out research on the impact of GDPR on domain name service compliance and find feasible solutions for the Chinese community. In addition, Song Linjian from the Worldwide Interconnection and Yao Jiankang from the CNNIC shared their experiences about the Domain Name System Security Extensions (DNSSEC) and KSK rollover. The whole seminar was moderated by Liu Yue from CAICT.

During the session, Paul Wilson appreciated the contributions of the Chinese community to ICANN affairs and looked forward to cooperation with more Chinese institutions for facilitating the Internet governance and development within the Asia-Pacific region. Paul Wilson also pointed out that the Asia-Pacific region encompasses a wide range of cultures due to its broad area span, and ICANN should continue to improve its diversity and enhance the representation of Asia-Pacific region. Asian countries should also take full advantage of the community and industry’s initiative, participate more in ICANN affairs and strive for greater benefits for their own users — APNIC will offer its support as usual. Duncan Macintosh introduced the APNIC Foundation and hoped to have further communications with the Chinese community to collaborate on projects.

Representatives all agreed that the Chinese community needed to strengthen communication and have further coordination, enhance the initiative and participation in depth, expand the Chinese community’s participation in ICANN activities and the mass base, as well as have further cooperation with other relevant departments, so as to better solve the Internet governance related issues, promote the development of China's Internet domain name industry jointly and enhance the Chinese community's voice and influence.

2017-07-25T08:17:00-08:00
internet, dns, dnssec, domain_names, icann, internet_governance, policy_regulation, registry_services

'Not the Best Time' for Proposed Russia-U.S. Cyber Unit, Says NSA Chief
http://www.circleid.com/posts/20170723_not_the_best_time_for_russia_us_cyber_unit_says_nsa_chief/

NSA chief Mike Rogers, during the annual Aspen Security Forum on Saturday, shunned the proposed Russia-U.S. cyber unit, stating "I would argue now is probably not the best time to be doing this." From a report in Reuters: "National Security Agency Director Mike Rogers on Saturday rebuffed the prospect for a U.S.-Russia cyber unit, a proposal which has been greeted with incredulity by several senior U.S. lawmakers and which President Donald Trump himself appeared to back down from after initially indicating interest. ... Trump said earlier this month that he had discussed the idea of creating such a group with Russian President Vladimir Putin at the Group of 20 summit in Hamburg."

2017-07-23T10:42:00-08:00
internet, cybersecurity, policy_regulation

Amazon.com Inc Given New Chance to Secure .AMAZON TLD
http://www.circleid.com/posts/20170720_amazon_given_new_chance_to_secure_dot_amazon_tld/

An arbitration panel has given Amazon.com Inc. a new shot at securing the .amazon top-level domain which the company has been fighting for since 2014. Alexis Kramer from BNA News reports: "The independent review panel ordered the Internet Corporation for Assigned Names and Numbers board to 'promptly re-evaluate' Amazon.com’s domain application in a July 10 declaration published late July 17 on ICANN’s website. ... The e-commerce giant has been fighting for the .amazon domain since its application was first denied in May 2014 based on consensus advice from government advisors. Representatives from Brazil and Peru, leading opponents of Amazon’s application, argued that the name has strong geographic ties to the Amazon ecological habitat. The panel said the board failed to independently determine that there were public policy reasons for denying the application." In a special report on the story in The Register, Kieren McCarthy writes: "Unfortunately, this is just the latest example of ICANN's notoriously poor accountability and its tendency to do what it thinks is in its own best interests, regardless of any rules, procedures and bylaws. It is also the third time that ICANN has been called out on its propensity for doing whatever the world's governments ask of it."

2017-07-20T10:38:00-08:00
internet, icann, internet_governance, policy_regulation, top_level_domains